Tiny Tiny RSS: Community

Fail2ban – no correct remote address for “Failed login attempt” in error.log


#1

I’m using ttrss in a docker container (https://hub.docker.com/r/linuxserver/tt-rss/) behind a proxy (https://hub.docker.com/_/traefik/).

Everything works fine except the remote address at “Failed login attempt” of error.log.

The “Failed login attempt” shows an IP address of the internal docker network, for example 172.18.0.3.

Here I want to see the remote address to get fail2ban working.

Changing the nginx access_log log format helps to get correct remote addresses in the access.log but not in the error.log.

There is no option to set the nginx error_log log format.

Because the error log entry of “Failed login attempt” is from tt-rss, I think only tt-rss can set the correct remote address?

Please help me to get fail2ban working.


#2

you’re right, tt-rss shows $_SERVER['REMOTE_ADDR'] which wouldn’t be correct for a remote proxy, it should probably also log X-Forwarded-For and X-Real-IP if those are set.


#3

@fox
Please add this to the ttrss source.


#4

I’m far from an expert so open to be “foxed” :slight_smile: but I spent some time looking at this last year. I originally updated the source to coerce this to work, but a cleaner solution that didn’t require hacking around in the code was to configure nginx’s realip module, which has worked fine for the last 8 months or so.

http://nginx.org/en/docs/http/ngx_http_realip_module.html

My tt-rss is behind nginx and traefik, both protect the source IP correctly.


#5

I feel like this is the real solution because it actually handles the issue at the proper level of the stack.

(At the same time would it hurt to add a get_client_real_ip() function to pick the correct value? I don’t know.)


#6

more like get_client_maybe_real_ip() :slight_smile:
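
Why such a function would only return a "maybe" real IP, as an added example (not part of the thread, and not tt-rss or nginx code): X-Forwarded-For is believable only when the connecting peer is a trusted proxy, and only up to the first untrusted hop counted from the right. The names `client_ip` and `is_trusted` and the trusted network 172.18.0.0/16 are assumptions for illustration; the sample addresses are constructed.

```python
# Added illustration, not tt-rss or nginx code. All names are hypothetical.
import ipaddress

# Assumption: the Docker network that holds the reverse proxy (the thread's
# example address 172.18.0.3 falls inside it).
TRUSTED_PROXIES = [ipaddress.ip_network("172.18.0.0/16")]


def is_trusted(addr):
    """True when addr parses as an IP inside a trusted proxy network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr, x_forwarded_for=None):
    """Return the address a fail2ban-style ban should be applied to."""
    # A peer that is not one of our proxies can send any header it likes,
    # so the TCP peer address is the only trustworthy value.
    if not is_trusted(remote_addr) or not x_forwarded_for:
        return remote_addr
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    # Walk right to left: each trusted proxy appended the peer it saw.
    # The first untrusted hop is the client; anything further left was
    # supplied by that client and may be forged.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return remote_addr  # malformed header: fall back to the peer
        if not is_trusted(hop):
            return hop
    return remote_addr  # every hop was one of our own proxies


if __name__ == "__main__":
    # Constructed samples using documentation address ranges.
    print(client_ip("172.18.0.3", "203.0.113.7"))            # via the proxy
    print(client_ip("172.18.0.3", "10.0.0.1, 203.0.113.7"))  # forged left entry
    print(client_ip("198.51.100.9", "203.0.113.7"))          # header ignored
```

Logging the leftmost header value instead would let any client choose which address ends up in error.log, and therefore which address gets banned.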


#7

@t7r5s, thank you for pointing me in the right direction.
It really is the cleaner solution to configure nginx’s realip module.

Just as a note (it can help others who run into the same problem):

For nginx:

For apache: